Is it possible to generate GnuPG keys without subkeys?


I have been using PGP and then GnuPG for over 20 years now, and my oldest key is still on MIT server since 1996. (RSA 1024 without subkeys...)

Over the time the keys became pairs of Main and Subkey. In all these years I have not once needed the subkey function. Nor do I know anyone personally who has used it.

I might have read all the "Good Reasons" for why subkeys "should" be used. But none to these reasons applied to me.

E.g. subkeys are great when the encryption key is compromised!!! But my encryption keys have never been compromised. Neither do I know anyone who's keys has.

Or supposedly it is good for organizations where one main key is associated with many encryption keys. I have not seen it. I wonder if such organization exists anywhere in this Universe. From all I have seen, the subkey idea appears to be a case of over-engineering with no or very rare use in real life. Perhaps the idea is just a rationalization of the DSA/elGamal scheme.

In any case, I am working on some software where Subkeys are not utilized. Also, I want my keys to be compatible with RetroShare (a secure p2p IM chat and file exchange, using only single keys without subkeys.)

Does anyone know if there a way to generate keys without subkeys. I am only aware of the option to remove subkeys in the --edit-key menu. I don't know if keys can be generated without them. Is there a way? thank you much for any help to further understand this issue.


Posted 2016-02-01T14:07:05.527

Reputation: 165

Note that RetroShare might have some security issues

– Sergei – 2016-10-11T18:41:05.967



Advantages of using Subkeys

The better-use-subkeys-mentality might look like overengineering, but has some strong arguments. The necessity when used with signing-only algorithms like DSA is obvious (and not debated). The ability of putting the private primary key offline (and reducing risk of losing it) and rotating keys being easier might look very important when not heavily relying on the web of trust. But there are other reasons: separating usage might reduce the risk when using both encryption and signatures. For example, there once was a flaw with bad random numbers and DSA keys, where issuing a bunch of signatures revealed your private key. If that key would have also been used for encryption, also your private communication would have been revealed. Of course, DSA keys couldn't have been used for encryption, but tells similar problems won't occur with RSA?

Another example: OpenSSH had some issues that possibly revealed your private SSH keys to the key server. I'm using OpenPGP authentication subkeys together with monkeysphere, in this case my authentication subkey would have been revealed, not my primary key. Rolling the authentication subkey took me five minutes, distributing completely new keys would take me an hour (or even longer).

Subkeys might add some complexity, but you don really see it and it just works fine. The computation and storage overhead is negligible, there is no additional manual effort. Why not just take some (possible) additional benefits "for free"?

Not Using Them Anyway

There might well be reasons not to use subkeys. Maybe you just want to rely on some parts of the OpenPGP infrastructure, and not care about trust management and others at all. If you create software for others, consider not restricting your users: maybe it might also be reasonable for some to simply provide a subkey, instead of creating a completely unrelated key pair?

Generating keys without subkeys requires usage of an algorithm that supports both encryption and signatures, which RSA does (but DSA wouldn't). For generating a "general purpose" primary key without any subkeys, you have to use the --expert key generation menu:

gpg --expert --gen-key

Then choose (8) RSA (set your own capabilities). You will be able to select the possibly uses of the key, where C (certification) is required for a primary key, S (signing), E (encryption) and A (authentication) can be selected arbitrarily. Finish the rest of the assistant, and you will receive a primary key without any subkeys with the chosen capabilities.

Jens Erat

Posted 2016-02-01T14:07:05.527

Reputation: 14 141

Our software is for non-technical users who'd not utilize the extra features even if we'd provide them. So the only relevant point would be the potential security risk as you outlined with the DSA example.

However using RSA under GnuPG, the main key is not used for signing messages, instead the signature and encryption are both made subkeys.

Therefore it seems that even if there was such weakness in RSA, the use of subkeys would not protect us against it.

If this is true, then I really don't see any advantage in using subkeys, the context of our software. Am I missing something? – Vivarto – 2016-02-06T13:11:32.147


@jens-erat Thank you for your answer, I was looking for the same thing. Just one detail for the record:

gpg --expert --gen-key

didn't work for me (GPG 2.2.4). This worked:

gpg --expert --full-generate-key


Posted 2016-02-01T14:07:05.527

Reputation: 1


Welcome to Super User! The site's Q&A format reserves answers for solutions to the question. This post is really a comment on another answer rather than an answer. You can always comment on your own posts, and once you have sufficient reputation you will be able to comment on any post.

– fixer1234 – 2019-01-26T10:25:14.777